You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

3 Trojans Found And I Can't Remove Them! Please Help!

I have found the following threats on my system:- Trojan.Clicker.VB.TS- Trojan.Dropper.Microjoin.WA- Trojan.VB.TG- Adware.ISM.B- Adware.Nobound.A

Symtons: Computer is running very slow, I have difficulty using Internet Explorer (links on websites won't work, opening new windows takes an awful long time) and when trying to shut down the computer freezes on the screen that says "Windows is shutting down." I then have to manually shut the computer down.

I have gone through the preparation guide for cleaning computers from malware prior to posting this. However, it appears that one or more of the trojans interfered with the Deckard's System Scanner. I attempted to run the scanner three times, but the scan froze. The program also continued to have difficulty finding the Hijack This log. During the scan BitDefender denied access to Trojan.Dropper.Microjoin.WA, Trojan.VB.TG and Adware.Nobond.A. After denying access the Deckard System Scanner froze and I had to reboot the computer.

Here is my Hijack This log. I am really hoping someone can help me. Thanks, in advance.

BC AdBot (Login to Remove)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ttillmanMy name is Richie and i'll be helping you to fix your problems.

Please disable Spybot S&D’s protection,or it will interfere.You can enable it after you're clean.Open Spybot and click on 'Mode' and check 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Click the 'Allow Change' box.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Restart the computer.If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:http://www.russelltexas.com/malware/teatimer.htm

If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert,not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:NoteIt is important that it is saved directly to your desktopClose any open browsers.Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. NoteDo not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.NoteIn case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Please download OTMoveIt by OldTimer,save it to your desktop:http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exePlease double-click OTMoveIt.exe to run it.Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\win.tmpC:\WINDOWS\system.tmpC:\59F_tmp.vir

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.Click the red Moveit! button Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.Close OTMoveIt.If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Launch SuperAntiSpyware and click on 'Check for updates'.Once the updates have been installed,exit SuperAntiSpyware.Do not run it just yet.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.

If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.On the main screen click on 'Scan your computer'.Check: 'Perform Complete Scan'.Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.Make sure everything found has a checkmark next to it,then press 'Next'.Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:Click on 'Preferences'.Click on the 'Statistics/Logs' tab.Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.It will then open in your default text editor,such as Notepad.Copy and paste the contents of that report into your next reply.

Run this online virus/spyware scan using Internet Explorer:Kaspersky WebScannerNext click Kaspersky Online ScannerYou will be prompted to install an ActiveX component from Kaspersky, Click Yes.• The program will launch and then begin downloading the latest definition files: • Once the files have been downloaded click on NEXT • Now click on Scan Settings • In the scan settings make that the following are selected: • Scan using the following Anti-Virus database: • Standard • Scan Options: • Scan Archives• Scan Mail Bases• Click OK • Now under select a target to scan: • Select My Computer • This will start the program and scan your system. • The scan will take a while so be patient and let it run. • Once the scan is complete it will display if your system has been infected. • Now click on the Save as Text button: • Save the file to your desktop. • Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log,let me know how your pc is running now.

Wow, for the first time in a very long time all virus scanners came back "clean." The system is operating fast, Internet Explorer is back on track, and I can shut the computer down properly now.

I am truly grateful. Your advice has been invaluable! I will make sure I drag my husband back to this forum to make a donation. The level of service your forum provides, FOR FREE, is remarkable and definitely deserves to be shown appreciation with donations. I'll do my part for sure!!!!!!

Lastly, do you recommend I uninstall the following programs from my computer now? Or, is it best to keep them installed:

VirtumundoBeGone

Banmanpro.exe

OTMoveIt

ComboFix

Stinger

Deckard System Scanner

Below are all of the logs you requested:

OTMoveIt2 Results below:

C:\WINDOWS\win.tmp moved successfully.C:\WINDOWS\system.tmp moved successfully.C:\59F_tmp.vir moved successfully.

Download DelDomains.zip and extract/unzip it to your desktop:Now right click on Deldomains.inf then click on 'Install'.After right clicking on Deldomains.inf 'Install' it will have appeared nothing happened,this is normal.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)